{"product_id":1029,"v_id":1029,"product_name":"netForensics 3.1.1 With Point Update 45149","certification_status":"Not Certified","certification_date":"2005-04-07T00:04:00Z","tech_type":"Enterprise Security Management","vendor_id":{"name":"netForensics, Inc.","website":"http://www.netforensics.com"},"vendor_poc":"Rajesh Vaidya","vendor_phone":"732.393.6000","vendor_email":"rajesh@netforensics.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The netForensics V3.1.1 product is a Security Information Management (SIM) tool in that it collects and analyzes information from Security Devices deployed in a network and provides users with tools for viewing and evaluating the collective state of security. </p>\r\n<p>The netForensics product is produced by netForensics, Inc., 200 Metroplex Drive, Edison, NJ 08817. </p>\r\n<p>netForensics collects, normalizes, aggregates and correlates data from a number of third-party Security Devices. Users are able to monitor the collected data in real-time at differing levels of granularity and aggregation through pre-defined views. A wide range of canned reports, queries, and drilldowns are provided to support forensics, analysis, and risk assessment. </p>\r\n<p>netForensics is comprised of the following components: </p>\r\n<ul>\r\n    <li><strong>nF SIM Desktop</strong> - is a Java application that is deployed with the Java Web-Start technology. The SIM Desktop is the primary interface for all administrators and analysts that use netForensics. </li>\r\n    <li><strong>nF Security Portal</strong> - is a Web application that provides system analysts and administrators with reports and other event review tools. </li>\r\n    <li><strong>nF Web Server</strong> - acts as the HTTP provider for nF SIM Desktop and nF Security Portal. 
</li>\r\n    <li><strong>nF Master</strong> - is responsible for collecting all of the SIM Data in an installation, maintaining state for analysis, updating real-time GUI components and applying display filters. The nF Master provides real-time data feeds, aggregated from multiple nF Engines, to the nF SIM Desktop clients. </li>\r\n    <li><strong>nF Provider</strong> - provides database services to all the registered netForensics components. These include reporting, administration, configuration, master data change (MDC) notification services, and access to the SIM Knowledgebase. </li>\r\n    <li><strong>nF Engine</strong> - performs analysis such as event aggregation before forwarding the SIM Data to the nF Master and saving it to the Database. </li>\r\n    <li><strong>nF Agents</strong> - collect, parse, and normalize the data from the various Security Devices or applications into a standard netForensics XML event schema. This standardized data is referred to as SIM Data, and once created it is pushed upstream to the next nF component.<br />\r\n    </li>\r\n</ul>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the netForensics TOE meets the security requirements contained in the Security Target. </p>\r\n<p>The criteria against which the netForensics TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the netForensics TOE is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. 
</p>\r\n<p>A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in April, 2005. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-05-0097, dated 7 April 2005) prepared by CCEVS. </p>\r\n<p><em style=\"COLOR: #f00\">The Validator notes that because this is a software-only product it is dependent upon the underlying platform for some protections. Furthermore, no capabilities to protect data transmissions between its components were evaluated. This is a concern when the product is deployed in a distributed configuration across a network as would be likely.</em> </p>","environmental_strengths":"<p>The netForensics TOE provides security audit, system analysts&rsquo; access policy, identification and authentication, and security information management features as they relate to enterprise security information management. </p>\r\n<p><strong>Security Audit</strong> - Actions taken by System Analysts generate audit records. </p>\r\n<p><strong>System Analysts&rsquo; Access Policy</strong> - The availability of SIM Data for monitoring and reporting depends on the mappings between System Analysts and Security Devices, because all SIM Data derives from Security Devices. </p>\r\n<p><strong>Identification and Authentication</strong> - netForensics supports two types of users. An Administrator who has complete control over all aspects of configuration and TSF Data, and a System Analyst whose access is limited to SIM Data from specific Security Devices. Both user interfaces, the nF SIM Desktop and the nF Security Portal, require users to identify and authenticate before accessing. 
</p>\r\n<p><strong>Administration</strong> - The netForensics administration user interface, accessible through the nF SIM Desktop, provides Administrators with the ability to view and centrally manage all users, System Analysts&rsquo; Access Rights, Device Integration Policies, and Event Analysis Policies. </p>\r\n<p><strong>Security Information Management</strong> - The nF Agents collect event messages from supported security devices and parse them into normalized SIM Data in accordance with a Device Integration Policy. The normalized events are passed to the nF Engine, which performs aggregation analysis across all of the supported Security Devices in accordance with an Event Analysis Policy. The nF Master collects all of the SIM Data from the nF Engines and updates real-time GUI components. Users are able to monitor the collected data at differing levels of granularity and aggregation through pre-defined views.</p>","features":[]}